A new report claims to measure the extent of the global cyber-security talent gap.
In a new report on millennials and cyber-security, IT company Raytheon has come up with some interesting results, chiefly taking a global look at young people's preparedness for cyber-security and their prospects for entering the industry as cyber-security professionals.
The production of Securing Our Future: Closing the Cyber Talent Gap was a cross-industry effort, bringing together cyber-security companies, government actors like the US Department of Homeland Security and private institutions like Comcast and Blackberry.
The researchers surveyed nearly 4000 people, between the ages of 18 and 26, from Estonia, France, Germany, Japan, Poland, Qatar, the Republic of Korea, Saudi Arabia, the UK, United Arab Emirates and the US.
The report doesn't underplay the scope of the problem or the opportunity presented by the global skills gap.
“As stories in the news of digital attacks against individuals and companies are becoming a common reality, the high demand globally for cyber-security professionals keeps growing as the threat increases,” the report says.
While the danger of attack has increased not only in practical risk but in people's minds, preparation for cyber-attacks has not followed suit: “This talent gap has serious implications for domestic and international economics and security and must be addressed.”
Chief among Securing Our Future's findings is that although millennials might be broadly interested in cyber-security, they are not being equipped with the skills to pursue that path.
Globally, 58 percent of millennials said they were never taught how to stay safe online and 62 percent said that they had never been told by a teacher or guidance counsellor that a career in cyber-security was even an option.
Dr Stephen Wright, manager of the National Cyber Skills Centre, a company that trains people in cyber-security, spoke to SCMagazineUK.com and said that while the UK has a skills gap that never fails to be a topic of grave conversation throughout the industry, this problem is global.
Wright lived in the US for 16 years and said, “They're facing the same problem. I would imagine throughout Europe the same issues are there."
While the Middle East doesn't buck this general trend, in many key areas it outperforms both the US and Western Europe. This area of the world might be the one to watch for the cyber-security professionals of the future.
Young people in the Middle East have a better understanding – 12 percent better than the US – of what a cyber-security career involves. Young adults in the Middle East outperformed all other categories in being taught cyber-security in the classroom, with 59 percent of respondents saying they had learned about it in school.
A spokesperson from Raytheon told SC, "Middle Eastern young adults are getting good education and cyber career awareness is high.”
However, he lamented, “Career interest remains low. There is a clear need for educators, parents and career counsellors to do more.” Although education is good, 42 percent of young adults are less likely to look for a job in the sector.
The gap that orthodox education has left in cyber-skills, other forms have taken up. Respondents said that the people who had taught them most about cyber-security were their relatives.
The gap gets worse when divided along gender lines. Three-quarters of women said they had not received any formal education on the topic and nine percent more women than men told the authors of the report that they had not been informed by any educator about cyber-security careers as a future option.
Young men are still more likely to pursue careers in cyber-security, but nowhere is this more pronounced than the US, with men 17 percent more likely to consider a job in the field.
Why is this? Raytheon told SC that while the gender gap in this field is largest in the US, “young women say they have less access to enrichment activities such as cyber competitions, scholarships, internships, career fairs, cyber clubs and mentoring programmes. Teachers and career counsellors mention and encourage cyber careers as an option to young men more than to young women.”
Wright maintains that the gender gap in cyber-security jobs will change: “It's interesting, we're seeing a big shift.”
The National Cyber Skills Centre recently attended an event with hundreds of school-aged, millennial girls. Wright thinks this might be a sign of that shift: “It will be changing as women's and young girls' eyes are being opened to the possibilities of this.”
While perhaps the gender gap in cyber-security might have been a sociological phenomenon, “I think that big steps are being taken to change that," Wright said.
Much is made of the sense of overconfidence and entitlement in the millennial generation. The report provides yet more data on this fact. Millennials feel far more secure online than perhaps they should be. While news of large scale hacks and cyber-crime make it ever more into the headlines, millennials remain blind to those facts: 84 percent of millennials say they hadn't read articles about cyber-attacks in the past year.
It's not all gloom and doom, though. In only a year the number of millennials who consider choosing a job in cyber-security has risen by nearly 30 percent. Nearly 40 percent of millennials have already shown interest or taken part in some kind of competition, internship, scholarships, job fairs or mentoring programs related to cyber-security.
Educators must help to close this gap, Raytheon told SC. Cyber-security is a new field “for most teachers and counsellors, so they are less likely to encourage students to consider careers they themselves are not familiar with”.
The Raytheon report said, “Unlike other fields of studies in the past that developed over decades, today's critical needs have driven cyber-security's demands quicker than our ability to teach and encouraged enough young adults to consider this as a career.”
This opportunity should not be missed, concludes the report: “With online breaches and attacks trending in today's headlines, there is a golden opportunity for industry and educators to mention cyber-security careers and generate more interest with millennials and younger generations.”
It adds, “Millennials and the future generations would be more interested in cyber-security professions if they had information about the many career paths and the required training.”